I'm going with C. Wouldn't want to be the organization that can't demonstrate its security controls are based on actual risk, right? That's just asking for trouble.
I think A is the right choice. Documenting the complexity of processes and their interactions is crucial for understanding the organization's operations.
Option C is clearly the correct answer. An organization needs to demonstrate that its security controls are implemented based on risk scenarios to ensure effective risk management.
Daniel
2 months agoMing
2 months agoChauncey
2 months agoKanisha
2 months agoTimmy
1 months agoSilvana
2 months agoArlyne
2 months agoLashonda
1 months agoChristiane
2 months agoDenny
2 months agoRoyal
2 months agoTyisha
3 months agoDaniel
2 months agoTerrilyn
2 months agoSharee
2 months agoLashawnda
2 months agoAlise
3 months agoChuck
3 months agoJanessa
3 months agoHuey
3 months agoGerald
3 months agoCharolette
2 months agoMatilda
2 months agoKeneth
3 months agoAnnalee
3 months ago